Best practices for upgrading to VMware vCloud Networking and Security 5.5.0a (2055673)

Purpose

This article provides best practices for upgrading a vShield environment to vCloud Networking and Security 5.5.0a.

Notes:
  • This article assumes that you have read the vShield Installation and Upgrade Guide. The vShield Installation and Upgrade Guide contains definitive information. If there is a discrepancy between the guide and this article, assume that the guide is correct.
  • For information on a new installation of vCloud Networking and Security 5.5.0a, see the vShield Installation and Upgrade Guide.

Resolution

To upgrade vShield, you must first upgrade vShield Manager and then update the other components for which you have a license.

You must complete the upgrades in this order:
  1. vShield Manager
  2. vCenter Server
  3. Other vShield components managed by vShield Manager
  4. ESXi hosts

Software Requirements

For information on the latest interoperability, see the Product Interoperability Matrix.

The minimum required versions of VMware products to be installed with vShield 5.5.0a include:

  • VMware vCenter Server 5.1 or later

    • For VXLAN virtual wires, you need vCenter Server 5.1 or later

  • VMware ESXi/ESX 5.0 or later for each server

    • For VXLAN virtual wires, you need VMware ESXi 5.1 or later
    • For vShield Endpoint, you need VMware ESX 5.0 or later

  • VMware Tools

    • For vShield Endpoint and vShield Data Security, you must upgrade your virtual machines to hardware version 7 or 8, and install VMware Tools 8.6.0 (released with ESXi 5.0 Patch 3)
    • You must install VMware Tools on virtual machines that are to be protected by vShield App

  • VMware vCloud Director 5.5 or later

Client and User Access Requirements

VMware vShield 5.5.0a has these client and user access requirements:

  • PC with the vSphere Client installed
  • If you add ESXi hosts by name to the vSphere inventory, ensure that DNS servers have been configured on the vShield Manager and name resolution is working. If you do not do this, vShield Manager cannot resolve the IP addresses.
  • Permissions to add and power on virtual machines
  • Access to the datastore where you store virtual machine files, and the account permissions to copy files to that datastore
  • Ensure that you have enabled cookies on your web browser to access the vShield Manager user interface
  • Port 443 must be accessible from the ESXi host, the vCenter Server, and the vShield appliances to be deployed. This port is required to download the OVF file on the ESXi host for deployment.
  • Connection to the vShield Manager user interface using one of these supported browsers:

    • Internet Explorer 6.x and later
    • Mozilla Firefox 1.x and later
    • Safari 1.x or 2.x

System Requirements

This table outlines minimum system requirements:

Component: Minimum Requirements

Memory
  • vShield Manager (64-bit): 8 GB, 3 GB reserved
  • vShield Edge compact: 512 MB, large: 1 GB, x-large: 8 GB
  • vShield Endpoint Service: 1 GB
  • vShield Data Security: 512 MB

Disk Space
  • vShield Manager: 60 GB
  • vShield Edge compact and large: 512 MB, x-large: 4.5 GB (with 4 GB swap file)
  • vShield Endpoint Service: 4 GB
  • vShield Data Security: 6 GB per ESX host

vCPU
  • vShield Manager: 2
  • vShield Edge compact: 1, large and x-large: 2
  • vShield Endpoint Service: 2
  • vShield Data Security: 1


Pre-upgrade preparation

Before starting the upgrade process, consider these points to ensure a successful upgrade: 

  • From the vSphere Client, take a snapshot of the vShield Manager.
  • If you are running a version earlier than 5.1.0, follow the upgrade process documented in Upgrading to vCloud Networking and Security 5.1.2a best practices (2044458) to ensure you are running the correct virtual hardware required as of version 5.1. 
  • For vShield Managers running 5.1.0 (build 807847) that were upgraded from versions 5.0.0 build 473791, 5.0.1 build 638924, or 5.0.2 build 791471, ensure you have upgraded the virtual hardware as documented in Upgrading to vCloud Networking and Security 5.1.2a best practices (2044458).

    Note: This virtual hardware upgrade applies only to vShield Managers that are upgraded from versions 5.0.x or earlier. New installations of vShield Manager 5.1.0 or later already ship with this upgraded virtual hardware.

  • Never uninstall a deployed instance of the vShield Manager appliance.
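
The version minimums under Software Requirements and the points in this section can be checked against an inventory before the upgrade window. The Python below is an added example, not part of the VMware article or product: the inventory layout and its key names are hypothetical, and VMware Tools 8.6.0 is treated as a minimum, which is an assumption.

```python
# Added example, not VMware code. Thresholds are the minimums stated in this
# article; the inventory dict layout and key names are hypothetical.

def ver(s):
    """'5.1' -> (5, 1, 0): pad to three parts so tuples compare correctly."""
    parts = [int(p) for p in s.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def preflight(inv):
    """Return blocking findings; an empty list means the checks passed."""
    out = []
    if not inv.get("vsm_snapshot_taken"):
        out.append("vShield Manager: take a snapshot first")
    if ver(inv["vsm_version"]) < (5, 1, 0):
        out.append("vShield Manager: earlier than 5.1.0, follow KB 2044458")
    elif inv.get("vsm_upgraded_from_5_0_x") and not inv.get("vsm_virtual_hw_upgraded"):
        out.append("vShield Manager: upgraded from 5.0.x, virtual hardware not upgraded (KB 2044458)")
    if ver(inv["vcenter_version"]) < (5, 1, 0):
        out.append("vCenter Server: below 5.1")
    vcd = inv.get("vcloud_director_version")
    if vcd and ver(vcd) < (5, 5, 0):
        out.append("vCloud Director: below 5.5")
    # VXLAN virtual wires raise the ESXi floor from 5.0 to 5.1.
    esxi_min = (5, 1, 0) if inv.get("uses_vxlan") else (5, 0, 0)
    for host, v in inv["esxi_hosts"].items():
        if ver(v) < esxi_min:
            out.append(f"{host}: ESXi {v} below required {esxi_min[0]}.{esxi_min[1]}")
    # Endpoint / Data Security guests: hardware version 7 or 8, Tools 8.6.0
    # (treated here as a minimum, which is an assumption).
    for vm in inv.get("endpoint_or_data_security_vms", []):
        if vm["hw_version"] not in (7, 8):
            out.append(f"{vm['name']}: hardware version {vm['hw_version']} is not 7 or 8")
        if ver(vm["tools_version"]) < (8, 6, 0):
            out.append(f"{vm['name']}: VMware Tools {vm['tools_version']} below 8.6.0")
    return out

# Constructed sample inventory (not real data).
SAMPLE = {
    "vsm_version": "5.1.0", "vsm_upgraded_from_5_0_x": True,
    "vsm_virtual_hw_upgraded": False, "vsm_snapshot_taken": True,
    "vcenter_version": "5.1", "vcloud_director_version": "5.1.2",
    "uses_vxlan": True,
    "esxi_hosts": {"esx-a.example.test": "5.0", "esx-b.example.test": "5.5"},
    "endpoint_or_data_security_vms": [
        {"name": "vm-01", "hw_version": 4, "tools_version": "8.3.2"},
        {"name": "vm-02", "hw_version": 8, "tools_version": "8.6.0"},
    ],
}

if __name__ == "__main__":
    for finding in preflight(SAMPLE):
        print("BLOCK:", finding)
```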

Upgrading vShield Manager

For vShield Manager 5.1.0 or later:

  1. From the VMware Download Center, download the vShield upgrade bundle to a location that vShield Manager can browse. The name of the upgrade bundle file is:

    VMware-vShield-Manager-upgrade-bundle-5.5.0a-1473628.tar.gz

  2. From the vShield Manager Inventory panel, click Settings & Reports.
  3. Click the Updates tab.
  4. Click Upload Upgrade Bundle.
  5. Click Browse and select the VMware-vShield-Manager-upgrade-bundle-5.5.0a-1473628.tar.gz file.
  6. Click Open.
  7. Click Upload File.
  8. Click Install to begin the upgrade process.
  9. Click Confirm Install. The upgrade process reboots vShield Manager, so you might lose connectivity to the vShield Manager user interface. None of the other vShield components are rebooted.
  10. After the reboot, log in to the vShield Manager again and click the Updates tab. The Installed Release panel displays version 5.5, which is the version you just installed.

Upgrading vShield components 

You must upgrade the other vShield components managed by vShield Manager.

Upgrading the vShield Appliance

To upgrade the vShield Appliance:

  1. Log in to the vSphere Client.
  2. Click Inventory > Hosts and Clusters.
  3. Click the host on which you want to upgrade vShield App.
  4. Click the vShield tab. The General tab displays each vShield component that is installed on the selected host and the available release.
  5. Click Update (next to vShield App).
  6. Select the vShield App option.
  7. Click Install.

    Note: During the vShield App upgrade, the ESXi host is placed into Maintenance Mode by the system and rebooted. Ensure the virtual machines on the ESXi host are migrated (using DRS or vMotion), or that they are powered off to allow the host to be placed into Maintenance Mode.

Upgrading vShield Edge

You must upgrade each vShield Edge instance in your data center. vShield Edge 5.1.2 is not backward compatible and you cannot use 2.0 REST API calls after the upgrade.

Note: During the vShield Edge upgrade, there will be a brief network disruption for the networks that are being served by the given vShield Edge instance.

If you have vShield Edge 5.0.x, each 5.0.x vShield Edge instance on each portgroup in your data center must be upgraded to 5.5.0a.

To upgrade vShield Edge:

  1. Log in to the vSphere Client.
  2. Click the portgroup on which the vShield Edge is deployed.
  3. In the vShield Edge tab, click Upgrade.
  4. View the upgraded vShield Edge:

    1. Click the data center corresponding to the port group on which you upgraded the vShield Edge.
    2. In the Network Visualization tab, click Edges. vShield Edge is upgraded to the compact size. A system event is generated to indicate the ID for each upgraded vShield Edge instance.
    3. Repeat for all other vShield Edges that require upgrading. 

If you have vShield Edge 5.1.0 or later instances, upgrade each Edge:

  1. Log in to the vSphere Client.
  2. Click the data center for which vShield Edge instances are to be upgraded.
  3. Click the Network Visualization tab. All existing vShield Edge instances are shown in the listings page. An arrow icon is shown for each vShield Edge that must be updated.
  4. Click an Edge and click Upgrade from Actions to start the upgrade. When the Edge is upgraded, the arrow icon no longer appears.
  5. Repeat for each vShield Edge that must be upgraded.

What to do next

Firewall rules from the previous release are upgraded with some modifications. Inspect each upgraded rule to ensure it works as intended. For information on adding new firewalls, see the vShield Administration Guide.

If a user's scope in a previous release was limited to a port group that had a vShield Edge installation, that user is automatically granted access to that vShield Edge after the upgrade.

Upgrading vShield Endpoint

To upgrade vShield Endpoint from 5.1.x to 5.5.0a, you must first upgrade vShield Manager, then update vShield Endpoint on each host in your data center.

  1. Log in to the vSphere Client.
  2. Click Inventory > Hosts and Clusters.
  3. Click the host on which you want to upgrade vShield Endpoint.
  4. Click the vShield tab. The General tab displays each vShield component that is installed on the selected host and the available version.
  5. Click Update (next to vShield Endpoint).
  6. Click vShield Endpoint.
  7. Click Install.

Upgrading vShield Data Security

To upgrade vShield Data Security from 5.1.x to 5.5.0a, you must first upgrade vShield Manager, then update vShield Data Security on each host in your data center.

  1. Log in to the vSphere Client.
  2. Click Inventory > Hosts and Clusters.
  3. Click the host on which you want to upgrade vShield Data Security.
  4. Click the vShield tab. The General tab displays each vShield component that is installed on the selected host and the available version.
  5. Click Update (next to vShield Data Security).
  6. Click vShield Data Security.
  7. Click Install.

Upgrading VXLAN

When upgrading VXLAN, consider these points:
  • VXLAN virtual wires require vCenter Server 5.1 or later.
  • You must upgrade the vCNS server before upgrading the ESXi hosts.
  • Upgrading an ESXi host from 5.1 to 5.5 results in a new kernel module automatically being pushed to the upgraded host.
  • A reboot of the host is required to complete the host upgrade for VXLAN.
